CVE-2025-21238
Published: 14 January 2025
Summary
CVE-2025-21238 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Microsoft Windows 10 1507. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210). The CVE ranks in the top 23.8% of CVEs by exploit likelihood, and it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and CM-7 (Least Functionality).
Deeper analysis
CVE-2025-21238 is a remote code execution vulnerability in the Windows Telephony Service, carrying a CVSS 3.1 base score of 8.8. The flaw is associated with CWE-122 and affects the telephony component responsible for handling call and device management functions on supported Windows systems.
An unauthenticated attacker can trigger the issue over a network connection with low attack complexity and no privileges required, provided the victim performs a user interaction such as opening a specially crafted file or visiting a malicious link. Successful exploitation results in a complete loss of confidentiality, integrity, and availability on the target system.
Microsoft has published an advisory describing the vulnerability and available updates at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21238. The current EPSS score of 0.0090, with a recorded peak of 0.0121, indicates limited observed exploitation interest to date.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-2305
Vulnerability details
Windows Telephony Service Remote Code Execution Vulnerability
- CWE-122: Heap-based Buffer Overflow
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Remote code execution in the Windows Telephony Service with a network attack vector (CVSS AV:N) allows direct exploitation of a remote service (T1210), resulting in arbitrary command execution on the host (T1059).
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): directly mandates timely identification, reporting, and correction of flaws such as CVE-2025-21238 via patching, preventing remote code execution in the Windows Telephony Service.
- CM-7 (Least Functionality): restricts the system to least functionality by disabling or limiting the non-essential Windows Telephony Service, reducing exposure to this RCE vulnerability.
- Memory protections: enforcing mitigations such as ASLR and DEP raises the cost of exploiting the heap-based buffer overflow (CWE-122) that leads to RCE in the telephony service.